Hello, 3GPP mostly focuses on specifying the correct behaviour of nodes, on defining compliance test cases and relying on vendor's declaration of compliance to the test cases.
I agree that it is possible that a UE (client) can misbehave as you stated below but so far none reported this yet. So, there was no need to specify network countermeasures in 3GPP. IMO (and this is really my speculation only as 3GPP does not say anything on this), if misbehaving UEs (clients) appear: - the ePDG (server) could detect the misbehaving UE (client) since ePDG (server) can measure frequency of reception of the INFORMATIONAL requests without payloads. If this is a constant pattern, the operator can request vendor of the UE (client) to update firmware/software of the misbehaving UEs (clients). - under normal circumstances, I would not expect ePDG (server) to kick misbehaving UEs (clients). - if the ePDG (server) is overloaded with a lot of INFORMATIONAL requests without payloads, and needs to reduce the load then perhaps ePDG (server) could consider whether the UE (client) sends too frequent INFORMATION requests when reducing the load by kicking some UEs (clients) out. In any case, the above is just internal ePDG (server) handling and can be deployed without further standardization. Kind regards Ivo Sedlacek -----Original Message----- From: Tero Kivinen [mailto:[email protected]] Sent: Friday, February 26, 2016 12:24 PM To: Ivo Sedlacek Cc: Paul Wouters; [email protected]; [email protected] Subject: Re: [IPsec] IANA allocation of TIMEOUT_PERIOD_FOR_LIVENESS_CHECK Ivo Sedlacek writes: > 3GPP spec expects that if the client (User Equipment) supports the > TIMEOUT_PERIOD_FOR_LIVENESS_CHECK configuration attribute, then the > client (User Equipment) *enforces* the timer value indicated in the > TIMEOUT_PERIOD_FOR_LIVENESS_CHECK configuration attribute in CFG_REPLY > sent by server (Evolved Packet Data Gateway). > > I.e. it is an intruction, not a suggestion. Yes, but there is nothing there to say what the server will do if the UE misbehavies. I.e. if the UE simply ignores the timeout period it received and instead of the server requested 300 seconds uses 30 seconds for the timeout period. Is the server going to detect this? Is the server going to kick the UE out because it misbehaves and sends liveness checks too often? On the other hand IKEv2 RFC also allows sending liveness checks at any time when client thinks there might be issues (for example it receives ICMP message), so server cannot kick UE out just because it does liveness checks too often. On the other hand if server asks for 30 seconds, and UE uses 300 seconds, is the server going to assume that UE is dead as it didn't send liveness check in last 30 seconds? Is it going to free the resources of the UE after some amount of time when it should have received liveness check etc. So as there is no server side behavior described in the 3gpp EPC specification, this is more like suggestion than actual requirement. It is similar than laws we have where you must do something, but even if you do not there is no penalty, i.e. it is unenforceable law. Of course in most cases the UE will follow the liveness check timeout period requested by the EPC, as it does not have any reason not to, but UE might still want to have some limits for those, i.e. even if the server asks liveness checks every second, it might be good idea to make the lower limit to something like 30 seconds... -- [email protected] _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
